While enterprises typically have robust perimeter security such as firewalls and network Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), malware occasionally slips through and compromises the endpoints. Recent episodes involving the Zeus, Aurora/HYDRAQ, and Mariposa botnets have all thrived on compromised endpoints. A potential compromise at a medical clinic in Calgary, Canada, that required more than 4,700 patients to be notified was reported this week and provides an unfortunate proof point for the issue. Once inside, a spear-phishing attacker can pivot from the compromised IT administrator's endpoint, reusing the credentials stored there to move into the server or cloud infrastructure and steal data.
Infrastructure-as-a-Service (IaaS) cloud providers also have perimeter security measures to protect their customers' server instances. The IaaS players typically do have firewalls protecting their customers, but bypassing the IaaS perimeter security only requires a credit card: bad guys can rent IaaS time with a stolen credit card and end up with their cloud server on the same physical hardware as your virtual server.
How do enterprises mitigate these threats? For enterprises protecting their own infrastructure, this means classic "defense in depth": protection must extend to the individual host, which may be living in a dynamic, virtualized environment. In the IaaS situation, enterprises need to understand that they remain responsible for the security of their servers and should consider augmenting the provider's cloud security with host-based security that the enterprise itself controls, including firewalls, vulnerability shielding (IDS/IPS), system file integrity monitoring, and log inspection.
If you are an enterprise concerned about whether you might be at risk from botnet infections, I would suggest considering some sort of gateway assessment tool that can determine whether you are compromised. If you are a consumer or concerned about your home PCs, you can scan your system with the free online scanners available from various content security vendors (my one shameless product plug: check out Trend Micro's HouseCall to scan your PC).